This page does not serve as legal advice. Please determine together with your legal advisor how GDPR applies to your business.
TLDR:
- We minimise the personal data we collect by only collecting personal information when it is completely necessary to provide the Service. Currently we collect your: first name, last name, and email address.
- Your personal data is encrypted in transit and at rest.
- You are responsible for patient information entered into templates.
- Synced notes are stored end-to-end encrypted so that even we can’t access them.
- You have full control of the information you collect, store and manage with Dentascribe.
What is the UK General Data Protection Regulation (GDPR)?
The General Data Protection Regulation (GDPR) is a European Union (EU) privacy law that allows EU citizens and residents to have access and control over their personal data.
In 2018, the UK Government took on the EU (Withdrawal) Act to prepare the country to leave the European Union. This Act incorporates several EU laws into UK domestic law. As part of the UK leaving the EU, the GDPR was incorporated into UK domestic law. The European Court of Justice enforced it in the UK until 31 December 2020.
At the beginning of 2021, the UK legal system expelled the European Union GDPR and replaced it with the UK’s GDPR. The UK and EU versions of GDPR are pretty much identical, with the UK government having replaced references to things like the European Parliament with UK institutions.
What is the Data Protection Act (DPA) 2018?
The UK Data Protection Act 2018 (DPA) is the UK’s implementation of the EU’s GDPR legislation in domestic UK law. It spells out exactly how the GDPR applies in the UK, including some minor additions.
Is Dentascribe GDPR and DPA Compliant?
Dentascribe is based in the UK and complies with the DPA and GDPR frameworks.
The measures we took
- Our privacy policy gives you more information about what data we collect, data retention and transfers, and outlines your data protection rights.
- All data is encrypted both in transit and at rest, and stored on a server in London, UK.
- Data accessibility: you have full control of the information you collect, store and manage with Dentascribe.
- Because the information you enter into templates is typically going to be sensitive patient-related data, we provide extra end-to-end encryption for this data:
  - When you enter information into your templates, the data is encrypted on-device before being sent to the server.
  - Unlike other server data, even personnel with authorised access to the server can’t access the contents of your encrypted information. It’s like having a locked safe inside a locked safe - even if someone gets into the first safe, they can’t open the inner, second safe. This means that in the unlikely event that the server gets compromised, your patient information remains confidential because it requires your password to access.
  - When you want to re-open your note or document, the encrypted data is sent back to your device, where it is decrypted for you.
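The on-device encryption described above, as an added example that is not Dentascribe's own code. scrypt, AES-256-GCM, the record field names and the sample note are assumptions; this page does not state which algorithms the Service uses.

```javascript
// Added illustration, not Dentascribe's code. Algorithms and field names are assumptions.
const nodeCrypto = require("node:crypto");

// Derive a 256-bit key from the user's password. The salt is not secret
// and is stored alongside the ciphertext.
function deriveKey(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32, { N: 16384, r: 8, p: 1 });
}

// Runs on the device: the returned record is all the server ever receives.
function encryptNote(password, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every note
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", deriveKey(password, salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return {
    salt: salt.toString("base64"),
    iv: iv.toString("base64"),
    ct: ct.toString("base64"),
    tag: cipher.getAuthTag().toString("base64"),
  };
}

// Runs on the device when the note is re-opened.
// Throws if the password is wrong or the stored record was altered.
function decryptNote(password, record) {
  const key = deriveKey(password, Buffer.from(record.salt, "base64"));
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, Buffer.from(record.iv, "base64"));
  decipher.setAuthTag(Buffer.from(record.tag, "base64"));
  return Buffer.concat([
    decipher.update(Buffer.from(record.ct, "base64")),
    decipher.final(),
  ]).toString("utf8");
}

// Server-side view: can someone holding only the stored record open it?
function canOpen(password, record) {
  try { decryptNote(password, record); return true; } catch { return false; }
}

// Constructed sample note and passwords.
const stored = encryptNote("correct horse battery", "UR6: MOD composite, LA 2.2 ml");
console.log(Object.keys(stored), canOpen("guess", stored));
console.log(decryptNote("correct horse battery", stored));
```

The stored record contains the salt, nonce, ciphertext and authentication tag but never the password or key, which is why access to the server alone does not reveal the note.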
What happens with data entered into templates?
Dentascribe is the provider of a note and document templating service, and not the owner of the data entered into those templates.
Although we provide extra encryption for template data (as detailed above), the creator (the person who is entering data into templates) is ultimately responsible for the patient data he/she/they collect and is thus the data controller of that data. Dentascribe is the processor and stores information on behalf of the template creators. As long as your account is active, you (as the creator) have full control over the data you collect, and the time period for which you store the data.
You are able to delete patient notes and documents created using your templates from your account if you are required to do so. We honor all deletions, and all template data which has been deleted by you is permanently deleted from our back-ups within 7 days.
How do you use my personal data?
Dentascribe acts as a data controller in the relationship between Dentascribe and our customers (template creators), for the personal information you give us in order to use our service (registration information for example). Tally does not sell personal data to third parties or use it for marketing purposes or for serving advertisements.
We only share your information with our service providers who help us operate our business.
Our uses of data include:
| Data | Purpose | Legal Bases for Processing |
|---|---|---|
| First name, last name, email address | We use this information to create your account on the Service. | The processing is necessary for the performance of a contract with you. |
| Email address | When you create an account and access the Service as an individual, we use this information to authenticate your account on the Service. | The processing is necessary for the performance of a contract with you and to take steps prior to entering into a contract with you, namely our Terms of Service. |
| First name, last name, email address | We use this information to communicate with you, including sending service-related communications. | The processing is necessary for the performance of a contract with you, namely our Terms of Service. |
Sub-processors
- Supabase - Backend service
- Resend - Transactional and marketing emails
How to minimise the risks of data leaks
We’ve implemented strong technical and organizational safeguards, as described earlier, to keep your data protected.
However, it’s important to understand that no security system is perfect. While we strive to ensure the safety of your information, no online transmission or storage method can be guaranteed to be absolutely 100% risk-free. This means there’s always a slight chance that unauthorized individuals could potentially access your information.
Here’s the bottom line: we do everything in our power to protect your privacy, but when transmitting personal information through our Website, you acknowledge there’s an inherent risk.
Dentascribe takes data security seriously, but it’s also important for you to be aware of the potential risks involved in transmitting information online.
Things you can do to minimise the risk of data leaks:
- You should only access the Website within a secure environment.
- Avoid entering patients’ personal, identifying data, such as full name and date of birth, into templates.